--- title: About the etc_group Resource --- # etc_group Use the `etc_group` InSpec audit resource to test groups that are defined on Linux and Unix platforms. The `/etc/group` file stores details about each group---group name, password, group identifier, along with a comma-separate list of users that belong to the group.
## Syntax A `etc_group` resource block declares a collection of properties to be tested: describe etc_group('path') do its('matcher') { should eq 'some_value' } end or: describe etc_group.where(item: 'value', item: 'value') do its('gids') { should_not contain_duplicates } its('groups') { should include 'user_name' } its('users') { should include 'user_name' } end where * `('path')` is the non-default path to the `inetd.conf` file * `.where()` may specify a specific item and value, to which the matchers are compared * `'gids'`, `'groups'`, and `'users'` are valid matchers for this resource ## Examples The following examples show how to use this InSpec audit resource. ### Test group identifiers (GIDs) for duplicates describe etc_group do its('gids') { should_not contain_duplicates } end ### Test all groups to see if a specific user belongs to one (or more) groups describe etc_group do its('groups') { should include 'my_group' } end ### Test all groups for a specific user name describe etc_group do its('users') { should include 'my_user' } end ### Filter a list of groups for a specific user describe etc_group.where(name: 'my_group') do its('users') { should include 'my_user' } end
## Matchers This InSpec audit resource has the following matchers. For a full list of available matchers please visit our [matchers page](https://www.inspec.io/docs/reference/matchers/). ### gids The `gids` matcher tests if the named group identifier is present or if it contains duplicates: its('gids') { should_not contain_duplicates } ### groups The `groups` matcher tests all groups for the named user: its('groups') { should include 'my_group' } ### users The `users` matcher tests all groups for the named user: its('users') { should include 'my_user' } ### where The `where` matcher allows the test to be focused to one (or more) specific items: etc_group.where(item: 'value', item: 'value') where `item` may be one (or more) of: * `name: 'name'` * `group_name: 'group_name'` * `password: 'password'` * `gid: 'gid'` * `group_id: 'gid'` * `users: 'user_name'` * `members: 'member_name'`